Last week we shared the news about the Xavier virus, which has affected more than 800 Android apps in the Google Play Store. Now a new Android virus has been discovered. It does not appear to have entered the Google Play Store and spreads only via third-party app download sites.

Known as Android.BankBot.211.origin,[1] the malware targets financial and banking information, so it can easily cause financial loss to users. It might also track messages, installed apps and every step users take on their smartphone or tablet.

The malware takes screenshots, so it has no problem collecting passwords or login details. What is more, it is a strong and aggressive mobile infection that tries to prevent users from removing it. The good news is that it is still possible to get rid of the virus and protect your sensitive information from cyber criminals.

The main information about BankBot mobile Trojan

BankBot malware was first spotted in April 2008. Undoubtedly, criminals have updated the virus since then. A few variants emerged earlier this year and affected more than 400 apps on the Google Play Store.[2] According to the Russian security company Dr.Web, the recent version of the malware is known as Android.BankBot.211.origin.

The first targets of the virus were located in Turkey. However, the cyber criminals decided to expand their target field and continued spreading it in the United States, the United Kingdom, France, Germany, Poland, and Ukraine.[3] Fortunately, the virus hasn’t entered the Google Play Store. Thus, it is users who download apps from third-party sources who might encounter this cyber threat.

The malware has been noticed spreading as an obfuscated Adobe Flash Player.[4] However, other well-known programs distributed on suspicious and unknown third-party sites might be spreading the malicious Trojan as well. Hence, if you need to install Adobe or other popular apps on your smartphone, make sure that you download them from the official website.

After the hijack, the Android virus gets administrative access to the device and initiates many activities to obtain banking, financial and other sensitive information about the user. For instance, it might display fake login screens where users are asked to enter their login or credit card information. The malware communicates with its Command and Control (C&C) server and completes various tasks.

Although Android.BankBot.211.origin mostly aims at financial data, such as credit card details, it might also steal the contact list, information about installed apps and SMS messages, and even take screenshots of the victim’s activities, including the entry of login names and passwords.

Banking Trojan might bypass security software

Android.BankBot.211.origin can bypass the mobile device’s security and block antivirus software installed on it. Thus, detecting and removing it takes some effort.

In order to remove this Android malware, you have to:

Boot the smartphone to Safe Mode.

Log into system settings.

Go to the list of device administrators. Here you should find the malware and delete it. The malicious app might display alerts claiming that removal may lead to data loss. Do not pay attention to them and just get rid of the virus.

Reboot your device.

Run a full system scan with updated security software to delete all virus-related entries from the system entirely.
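
The device-administrator check from the steps above can also be reviewed from a computer over adb. The following Python code is an added example, not part of the original article: it parses the output of `adb shell dumpsys device_policy` and `adb shell pm list packages -i -3` and lists device administrators that were not installed from Google Play. The sample outputs, the package names and the trusted-installer list are constructed assumptions, and the dumpsys layout varies between Android versions.

```python
import re

# Constructed sample of `adb shell dumpsys device_policy` output
# (assumed layout; it differs between Android versions).
SAMPLE_POLICY = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
    com.example.flashupdate/.AdminReceiver:
      uid=10133
"""

# Constructed sample of `adb shell pm list packages -i -3` (third-party apps only).
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashupdate  installer=null
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted
ADMIN_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+:\s*$")
PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def device_admins(policy_dump):
    """Return the package names that own an enabled device-admin component."""
    admins, in_section = set(), False
    for line in policy_dump.splitlines():
        if "Enabled Device Admins" in line:
            in_section = True
        elif line and not line[0].isspace():
            in_section = False  # a new top-level section has started
        elif in_section and (m := ADMIN_RE.match(line)):
            admins.add(m.group(1))
    return admins


def sideloaded_admins(policy_dump, package_list):
    """Third-party device admins whose installer is not a trusted store."""
    installers = {}
    for line in package_list.splitlines():
        if m := PKG_RE.match(line.strip()):
            installers[m.group(1)] = m.group(2)
    # System packages are absent from the -3 listing and are therefore skipped.
    return sorted(p for p in device_admins(policy_dump)
                  if p in installers and installers[p] not in TRUSTED_INSTALLERS)


if __name__ == "__main__":
    for pkg in sideloaded_admins(SAMPLE_POLICY, SAMPLE_PACKAGES):
        print("review and deactivate device admin:", pkg)
```

A package flagged here is a candidate for the device-administrator step above, not a confirmed infection; legitimate sideloaded apps can also hold this privilege.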

Of course, you should not risk encountering this mobile Trojan. It’s better to take precautions[5] before it’s too late. You should keep away from unknown app download sites and always double-check the information about developers.